Researchers at the University of Wisconsin-Madison have created and uploaded a proof of concept browser extension to the Chrome Web Store that can manipulate text input fields in websites. Why would a group of researchers do such a thing? That would be to show that it’s possible to upload such an extension to Chrome’s Web Store without breaching the browser’s current security and privacy standard, Manifest V3. If this extension can steal passwords and still be approved, there’s no telling how many seemingly legit and safe currently available extensions can do the same.

Meta recently shared new threat research involving mass disinformation campaigns coming from China and Russia. The tech giant removed accounts and pages across all its platforms related to what it referred to as “the largest known cross-platform covert influence operation in the world.” 

The CEO of Tenable has called out Microsoft for its security practices following an attack on the tech giant’s Azure platform, which was disclosed in early July. 

Data security experts are concerned about the potential for voter manipulation following the revelation that hackers managed to access the data of 40 million UK voters. The hack was discovered in October 2022 but was only reported to the public in early August this year. It is not yet known who is behind the attack. 

Over the past few years, a comprehensive identity security approach to IT and cybersecurity environments has become critical to organizations in preventing data breaches. Although crucial, a lack of understanding of best practices holds organizations back. 

Internet of Things (IoT) devices have become an integral part of the lives of many over the last decade, but securing them has been a challenge. But that might be changing. A new report from cybersecurity company Nozomi Networks has found that defenses are improving. On the flip side, security threats are on the rise. Operational Technology (OT) environments, a computing category for industrial environments, face similar struggles.

The European Commission recently approved a newly proposed EU-US data privacy framework concerning how EU data transferred to US companies is handled. Any US company handling EU data will not need to implement additional data protection safeguards if they are operating under the approved framework.